Saturday, January 29, 2022

DeFi needs more secrecy, but not too much secrecy, and the right sort of secrecy

[Below is my contribution to CoinDesk's Privacy Week

The Privacy That DeFi Needs to Succeed

The transparency of blockchains is often marketed as a benefit. It's not. Main Street financial consumers are never going to adopt blockchain-based financial tools as long as blockchains are radically transparent. Regular folks have secrets that they want to keep.

One of the most promising use cases for blockchains is decentralized finance (DeFi). The people who are building DeFi tools aspire for DeFi to be something more than a skate park for the risk-loving crypto-rich. They want their tools to solve real-world financial problems faced by individuals and companies, including America's 31.7 million small businesses.

Imagine a cash-starved manufacturer in Toledo, Ohio, that has a good idea for a product. It could go to its banker for financing, but instead it turns to DeFi. In a jiffy, it tokenizes a bunch of receivables onto a blockchain and lodges them as collateral on a decentralized lending platform in return for U.S. dollar stablecoins. A few moments later, it swaps these dollars for Euro stablecoins using a decentralized exchange, sending them to its French supplier to purchase inventory.

This chain of transactions has the promise of being cheap, fast and avoiding the walled garden of regular banks. Unfortunately, our Toledo manufacturer probably won’t bother.

All blockchain transactions are public by default. The government, your competitors and your mother can all see what you are doing. Blockchain analytics firms like Chainalysis and CipherTrace make it their business to track, analyze and interpret every trade and transaction.

Secrecy is vital to commerce. Not only is it important for businesses to protect the privacy of their customers, they must also keep their competitors in the dark lest their long-term strategy be divined and countered or copied. Our Toledo manufacturer doesn’t want its intentions to be telegraphed by their on-chain financial preparations.

As for individuals, they don't want their friends and colleagues to know what their salary is, or what kinds of porn they're purchasing. No one wants to be doxxed. We like our secrets.

Bricks-and-mortar finance is already capable of providing the secrecy that Main Street requires. Individuals and corporations generally trust their old-school bankers not to reveal information about their financial dealings to others. It's not quite cash-level anonymity. Yes, there are leaks and hacks. And under certain conditions, a banker must disclose information to law enforcement. But in general, Main Street trusts the confidentiality and probity of their financial provider.

So if Main Street users are ever going to migrate over to DeFi, privacy will have to be built first. But not just any privacy.

Tornado Cash has become the DeFi world's go-to tool for achieving anonymity. A user can send funds to a Tornado Cash smart contract where it gets mixed up and obfuscated with other people's funds. Later, that user can surreptitiously withdraw the same amount of money to a separate address. A technology called zk-SNARKs is used to reduce the ability of third parties to trace funds through Tornado.

Unfortunately, Tornado Cash has become a popular venue for thieves to clean stolen funds. The presence of criminals will make Main Street businesses like our Toledo-based manufacturer hesitate. Depositing company funds into a Tornado Cash smart contract may be construed as mixing them with criminally-derived funds. That's probably not the sort of money laundering risk that licit money wants to take.

The best solution for bringing privacy to DeFi is native anonymity. That is, all blockchain transactions have to be opaque by default. That way, Main Street users get the privacy they require without having to take the risk of jumbling up their coins with crooks. (Approaches like the Aztec Network, a privacy layer implemented on top of the base Ethereum layer, might be a solution.)

While native anonymity would solve Main Street's very real need for secrecy, it will lead to the next hurdle to widespread adoption: too much anonymity.

If a Main Street financial user like our Toledo manufacturer can't risk tumbling their coins with dirty money on Tornado Cash, neither can they risk commingling their funds on decentralized exchanges or lending tools that grant unconditional access to everyone, including thieves' dirty funds.

To make their tools palatable for Main Street, DeFi tool makers will have to unwind some of the native anonymity (potentially) afforded by blockchains by collecting and verifying identifying information from users. This way the tools can screen out criminals, assuring legitimate businesses that their clean funds aren't being tainted by dirty money.

The implication is that DeFi tools will have to become privacy managers, just like old-school banks are. Users will have to trust the tools to be discreet with their personal information, only breaking their privacy when certain conditions are required, such as law enforcement requests.

It’s possible that DeFi succeeds in doing a better job of preserving privacy than traditional financial institutions. By using zero-knowledge proofs for collecting identity, DeFi tools may be able to control the spray of personal information required to gain access. This may reduce the amount of information that gets lost to hacks.

In sum, if DeFi wants to attract Main Street users, an odd mix of more secrecy and less secrecy is required. Secrecy is important to businesses and individuals. They don’t want their information to be naked for all to see. But Main Street doesn't want complete anonymity. It wants to use DeFi tools that strip away just enough secrets to assure that dirty money is being excluded.

Only when this balance has been achieved will businesses like our Toledo, Ohio, manufacturer venture onto the blockchain.


  1. What if he gets a JPM Coin loan which he can pay back for the same amount of JPM Coin, or dollars plus interest? What if his suppliers accept JPM Coin too? Can JPM make all the transaction info opaque to all but them? How much of a dollar premium would you pay for JPM Coin?

    1. Does JPM Coin offer a certain type of secrecy to its users? It probably does, since it worked with Zcash back in the day on zero knowledge proofs. JPM Coin is being used for intraday repo right now, so it's very important for participants to have a degree of privacy from both each other and JP Morgan, since they won't want their trading strategies to be anticipated.

  2. "To make their tools palatable for Main Street, DeFi tool makers will have to unwind some of the native anonymity (potentially) afforded by blockchains by collecting and verifying identifying information from users. This way the tools can screen out criminals, assuring legitimate businesses that their clean funds aren't being tainted by dirty money."

    I'm not really sure if that's honestly feasible. Typically that sort of practice traditionally has to be managed by a trusted third party who manages privacy records on the behalf of their users. Having privacy that can be turned on or off willy nilly by a centralized entity seems anathema to the functioning of DeFi. You could theoretically go halfway with it by implementing privacy protections that are labor intensive to dig through but still feasible to find, but that's already kinda the case with even the traditionally transparent blockchains like Bitcoin. When considering how new addresses can be made, cold storage wallets can be swapped in the real world, the sheer volume of transactions, etc its typically not particularly easy to find people who want to stay hidden while using transparent chains even when taking into account chain analysis software.

    At best you could trace at the point of exchange from fiat to crypto, but good luck enforcing regulations on crypto to crypto transactions. Especially if there's a future where all crypto transactions are low fee and fast, it'd be a complete nightmare to try and enforce AML compliance on a market where people can own any crypto wallet not directly tied to their identity.

    Of course if you *did* create a DeFi crypto currency where real world identities were tied to addresses universally you'd basically have non-existent privacy. Solutions to introduce some mid level amount of privacy like hiding transactions for most people would require hiding the blockchain as well except for law enforcement, for who there's not really any decentralized algorithm that can cater to them.

    On a fundamental level, the sort of halfway privacy you envision isn't really possible without severely compromising the decentralization of DeFi. Its more or less an all or nothing affair between Bitcoin transparency and Monero privacy. This is reflected in market share, where typically the more absolutist approaches of Monero's privacy outperform its somewhat privacy focused peers.

    In the end though, isn't traditional paper cash a fairly decent counter-argument against the notion that compliance to law enforcement requests is a necessary pre-requisite to large scale adoption and usage? Paper money is still by far the most popular method of conducting dirty money laundering or other such business, and it sees plenty of mainstream use nonetheless.